Author Topic: Drive-by-Update (Read 5243 times)

carmen · April 10, 2009, 01:12:52 am

Blog MiPistus in speaking of an infection technique called "Drive-by-Update".

http://mipistus.blogspot.com/2009/02/drive-by-update-para-propagacion-de.html
http://mipistus.blogspot.com/2009/04/drive-by-download-y-drive-by-update.html

Does anyone know anything about this?

Thanks!

sowhat-x · April 10, 2009, 01:20:24 am

http://www.malwaredomainlist.com/mdl.php?search=ddvrrflabpqcuoaexpwp&colsearch=All&quantity=50
http://www.malwaredomainlist.com/mdl.php?search=pxciiruurw&colsearch=All&quantity=50

Even more drive-by-sploits from the same registrant...
http://www.malwaredomainlist.com/mdl.php?search=michaeltycoon&colsearch=All&quantity=50

sowhat-x · April 10, 2009, 01:31:17 am

In the first blog entry that you pointed to (dated back from early February),
most of the direct links mentioned there appear to be dead currently....
Yet,I was able to grab few stuff from the ThreatExpert report that he kindly provided...namely:

Quote

hxxp://m.wuc8.com/tt.txt
hxxp://a.wuc9.com/dd/1.exe
hxxp://a.wuc9.com/dd/4.exe
hxxp://a.wuc9.com/dd/6.exe
hxxp://a.wuc9.com/dd/9.exe
hxxp://a.wuc9.com/dd/10.exe

carmen · April 10, 2009, 03:24:01 pm

Thank you very much for the information

, however, no end to understand how this infection technique (Drive-by-Update), and with no more information than is found in MiPistus Blog.

Any comments?

Thanks again

sowhat-x · April 10, 2009, 03:34:46 pm

Way far better than what I could describe it by myself in english language...

http://en.wikipedia.org/wiki/Drive-by_download
Most usually it takes place via unpatched browser exploits though...

Author Topic: Drive-by-Update (Read 5243 times)

carmen

Drive-by-Update

sowhat-x

Re: Drive-by-Update

sowhat-x

Re: Drive-by-Update

carmen

Re: Drive-by-Update

sowhat-x

Re: Drive-by-Update